Information Security Officer


Premium Job From Department for Education

Recruiter

Department for Education

Listed on

25th October 2021

Location

United Kingdom

Type

Permanent

Start Date

ASAP

This job has now expired. Please search on the home page to find live IT jobs.

The Cyber and Information Security (CIS) Division was established in 2018. We have been going through a period of change since and continue to mature whilst transforming the way the Department for Education and the sector thinks about and delivers security.

This is a great opportunity if you want a challenge at a national level. Joining CIS means you will help to safeguard children and ensure their education and care is delivered effectively by building ways of working and systems that adapt to evolutions in technology, methodology and threat.

Job Description

We are looking for Information Security Officers (ISOs) to act as a partner, adviser, and authority in the implementation of the department's Waterfall and Agile information security models.

The nature of your workload will vary from assurance of business services and applications through to the more complex assessment of towers of services and of platforms.

The role also includes supporting the Lead ISO in pastoral mentorship towards more junior members of the team.

The combination of professional IT capabilities within this team will provide you with the opportunity to be involved in a variety of exciting areas based on your expertise along with a clear personal development path.

As part of the role, you will be expected to hold or apply to the National Security Vetting process in order to obtain Security Clearance (SC).

Responsibilities

Responsibilities in this role will include:

Acting as an information security technical subject matter expert supporting the businesses in obtaining and maintaining Authority to Operate (AtO). Providing briefing to Information Security Governance boards towards new and BAU services, specifically leading our high value systems and platforms through the department's AtO process.
Ensuring alignment to appropriate standards and recommending suitable control improvements. Evaluating and raising risks to confidentiality, integrity or availability.
Advising and guiding business services on maintaining compliance with relevant legislation, i.e. DPA 2018.
Contributing to the implementation and development of supporting policies.
Maintaining a frequent security partner relationship with specified high value services through their service life. Building and maintaining a strong working relationship with both internal and external stakeholders.
Finding opportunities to improve Information Security processes, business engagement, policy suite, documentation and service offering.

About You

We are looking for someone to show us the following essential criteria:

Essential Criteria

Experience of performing technical and information risk assessments.
Ability to analyse disparate sources of information.
Evidence of making good judgements and recommendations to senior stakeholders and management.
Excellent written and verbal communication skills. Ability to demonstrate that you comprehend the value of managing expectations and have a proven track record of doing so.
A broad knowledge of technologies, including common vulnerabilities and exploits with a comprehensive knowledge of security controls.

It would be desirable, but not essential, if you can demonstrate:

Familiarity with the NCSC suite of security policy, guidance and standards.
Experience in using good practice standards such as ISO 27001 (Implementation, Compliance, Certification and audit reviews).
Experience of undertaking information security in both a waterfall and an agile context.
Experience of Security Architecture Design.

Hold some or all of the following qualifications:

SABSA Chartered Security Architect - Foundation Certificate (SCF).
Certified Information Systems Security Professional (CISSP).
Certified Information Security Manager (CISM).
CompTIA Advanced Security Practitioner (CASP+).
ISEB Practitioner Certificate in Information Risk Management.

Desirable criteria will only be assessed in the event of a tie break situation to make an informed decision.

Behaviours

We'll assess you against these behaviours during the selection process:

Making Effective Decisions
Developing Self and Others
Communicating and Influencing
Working Together
Leadership
Changing and Improving

Technical Skills

We'll assess you against these technical skills during the selection process:

Security Controls
Risk Management
Business Partnering

Benefits

Salary

New entrants are expected to join on the minimum of the pay band. Applicants currently holding a permanent post in the Civil Service should note that, if successful, their salary on appointment would be determined by the Department's transfer / promotion policies.

Pension:
As a member of the DfE, you will be entitled to join the highly competitive Civil Service Pension Scheme, which many experts agree is one of the most generous in the UK.

For further information on these schemes, please refer to the Civil Service Pensions website.

Annual Leave:
You will have 25 days leave, increasing by 1 day every year to a maximum of 30 days after five years' service. In addition, all staff receive the Queen's Birthday privilege holiday and 8 days' bank and public holidays.

Other Benefits:
As an organisation, which exists to support education and lifelong learning, we offer our staff excellent professional development opportunities. We offer flexible working arrangements, such as job sharing, term-time working, flexi-time and compressed hours. We provide great maternity, adoption, and shared parental leave. We offer up to 5 days paid leave per year for voluntary work you may wish to undertake. We also offer: Bike loans (subject to availability and location); Season ticket loans; eye-care vouchers; access to employee discount scheme; access to Employee Assistance Programme. A wide variety of staff support networks including a Family Network, BAME Network, Wellbeing Network, Women's Network and many more.

Things you need to know

Security

Successful candidates must pass a disclosure and barring security check.
